Bash

• About Bash, on page 1• Guidelines and Limitations, on page 1• Accessing Bash, on page 1• Escalate Privileges to Root, on page 3• Examples of Bash Commands, on page 4• Managing RPMs, on page 5• Persistently Daemonizing an SDK- or ISO-built Third Party Process, on page 8• Persistently Starting Your Application from the Native Bash Shell, on page 8• An Example Application in the Native Bash Shell, on page 9

About BashIn addition to the NX-OS CLI, Cisco Nexus 3600 devices support access to the Bourne-Again SHell (Bash).Bash interprets commands that you enter or commands that are read from a shell script. Using Bash enablesaccess to the underlying Linux system on the device and to manage the system.

Guidelines and LimitationsThe Bash shell has the following guidelines and limitations:

• The binaries located in the /isan folder are meant to be run in an environment which is setup differentlyfrom that of the shell entered from the run bash command. It is advisable not to use these binaries fromthe Bash shell as the behavior within this environment is not predictable.

Accessing BashIn Cisco NX-OS, Bash is accessible from user accounts that are associated with the Cisco NX-OS dev-opsrole or the Cisco NX-OS network-admin role.

The following example shows the authority of the dev-ops role and the network-admin role:switch# show role name dev-ops

Role: dev-ops

Bash1

Description: Predefined system role for devops access. This rolecannot be modified.Vlan policy: permit (default)Interface policy: permit (default)Vrf policy: permit (default)-------------------------------------------------------------------Rule Perm Type Scope Entity-------------------------------------------------------------------4 permit command conf t ; username *3 permit command bcm module *2 permit command run bash *1 permit command python *

switch# show role name network-admin

Role: network-adminDescription: Predefined network admin role has access to all commandson the switch-------------------------------------------------------------------Rule Perm Type Scope Entity-------------------------------------------------------------------1 permit read-write

switch#

Bash is enabled by running the feature bash-shell command.

The run bash command loads Bash and begins at the home directory for the user.

The following examples show how to enable the Bash shell feature and how to run Bash.switch# configure terminalswitch(config)# feature bash-shell

switch# run?run Execute/run programrun-script Run shell scripts

switch# run bash?bash Linux-bash

switch# run bashbash-4.2$ whoamiadminbash-4.2$ pwd/bootflash/home/adminbash-4.2$

You can also execute Bash commands with run bash command.

For instance, you can run whoami using run bash command:run bash whoami

You can also run Bash by configuring the user shelltype:username foo shelltype bash

This command puts you directly into the Bash shell.

Note

Bash2

BashAccessing Bash

Escalate Privileges to RootThe privileges of an admin user can escalate their privileges for root access.

The following are guidelines for escalating privileges:

• Only an admin user can escalate privileges to root.

• Bash must be enabled before escalating privileges.

• Escalation to root is password protected.

NX-OS network administrator users must escalate to root to pass configuration commands to the NX-OSVSH if:

• The NX-OS user has a shell-type Bash and logs into the switch with a shell-type Bash.

• The NX-OS user logged into the switch in Bash continues to use Bash on the switch.

Run sudo su 'vsh -c "<configuration commands>"' or sudo bash -c 'vsh -c "<configuration commands>"'.

The example below demonstrates with network administrator user MyUser with a default shelltype Bash usingsudo to pass configuration commands to the NX-OS:ssh -l MyUser 1.2.3.4-bash-4.2$ sudo vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; showinterface eth1/2 brief"

--------------------------------------------------------------------------------Ethernet VLAN Type Mode Status Reason Speed PortInterface Ch #--------------------------------------------------------------------------------Eth1/2 -- eth routed down Administratively down auto(D) --

The example below demonstrates with network administrator userMyUser with default shelltype Bash enteringthe NX-OS and then running Bash on the NX-OS:ssh -l MyUser 1.2.3.4-bash-4.2$ vsh -hCisco NX-OS SoftwareCopyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.Nexus 3600 software ("Nexus 3600 Software") and related documentation,files or other reference materials ("Documentation") arethe proprietary property and confidential information of CiscoSystems, Inc. ("Cisco") and are protected, without limitation,pursuant to United States and International copyright and trademarklaws in the applicable jurisdiction which provide civil and criminalpenalties for copying or distribution without Cisco's authorization.

Any use or disclosure, in whole or in part, of the Nexus 3600 Softwareor Documentation to any third party for any purposes is expresslyprohibited except as otherwise authorized by Cisco in writing.The copyrights to certain works contained herein are owned by otherthird parties and are used and distributed under license. Some partsof this software may be covered under the GNU Public License or theGNU Lesser General Public License. A copy of each such license isavailable athttp://www.gnu.org/licenses/gpl.html andhttp://www.gnu.org/licenses/lgpl.html***************************************************************************

Bash3

BashEscalate Privileges to Root

* Nexus 3600 is strictly limited to use for evaluation, demonstration ** and NX-OS education. Any use or disclosure, in whole or in part of ** the Nexus 3600 Software or Documentation to any third party for any ** purposes is expressly prohibited except as otherwise authorized by ** Cisco in writing. ****************************************************************************switch# run bashbash-4.2$ vsh -c "configure terminal ; interface eth1/2 ; shutdown ; sleep 2 ; show interfaceeth1/2 brief"

--------------------------------------------------------------------------------Ethernet VLAN Type Mode Status Reason Speed PortInterface Ch #--------------------------------------------------------------------------------Eth1/2 -- eth routed down Administratively down auto(D) --

The following example shows how to escalate privileges to root and how to verify the escalation:switch# run bashbash-4.2$ sudo su rootbash-4.2# whoamirootbash-4.2# exitexit

Examples of Bash CommandsThis section contains examples of Bash commands and output.

Displaying System StatisticsThe following example displays system statistics:switch# run bashbash-4.2$ cat /proc/meminfo<snip>MemTotal: 16402560 kBMemFree: 14098136 kBBuffers: 11492 kBCached: 1287880 kBSwapCached: 0 kBActive: 1109448 kBInactive: 717036 kBActive(anon): 817856 kBInactive(anon): 702880 kBActive(file): 291592 kBInactive(file): 14156 kBUnevictable: 0 kBMlocked: 0 kBSwapTotal: 0 kBSwapFree: 0 kBDirty: 32 kBWriteback: 0 kBAnonPages: 527088 kBMapped: 97832 kB<\snip>

Bash4

BashExamples of Bash Commands

Running Bash from CLIThe following example runs ps from Bash using run bash command:switch# run bash ps -elF S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD4 S 0 1 0 0 80 0 - 528 poll_s ? 00:00:03 init1 S 0 2 0 0 80 0 - 0 kthrea ? 00:00:00 kthreadd1 S 0 3 2 0 80 0 - 0 run_ks ? 00:00:56 ksoftirqd/01 S 0 6 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/01 S 0 7 2 0 -40 - - 0 watchd ? 00:00:00 watchdog/01 S 0 8 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/11 S 0 9 2 0 80 0 - 0 worker ? 00:00:00 kworker/1:01 S 0 10 2 0 80 0 - 0 run_ks ? 00:00:00 ksoftirqd/1

Running Python from BashThe following example shows how to load Python and configure a switch using Python objects:switch# run bashbash-4.2$ pythonPython 2.7.5 (default, Oct 8 2013, 23:59:43)[GCC 4.7.2] on linux2Type "help", "copyright", "credits" or "license" for more information.>>> from cisco import *>>> from cisco.vrf import *>>> from cisco.interface import *>>> vrfobj=VRF('myvrf')>>> vrfobj.get_name()'myvrf'>>> vrfobj.add_interface('Ethernet1/3')True>>> intf=Interface('Ethernet1/3')>>> print intf.config()

!Command: show running-config interface Ethernet1/3!Time: Mon Nov 4 13:17:56 2013

version 6.1(2)I2(1)

interface Ethernet1/3vrf member myvrf

>>>

Managing RPMs

Installing RPMs from Bash

Procedure

PurposeCommand or Action

Displays a list of the NX-OS feature RPMsinstalled on the switch.

sudo yum installed | grep platformStep 1

Bash5

BashRunning Bash from CLI

PurposeCommand or Action

Displays a list of the available RPMs.sudo yum list availableStep 2

Installs an available RPM.sudo yum -y install rpmStep 3

Example

The following is an example of installing the bfd RPM:bash-4.2$ sudo yum list installed | grep n3600base-files.n3600 3.0.14-r74.2 installedbfd.lib32_n3600 1.0.0-r0 installedcore.lib32_n3600 1.0.0-r0 installedeigrp.lib32_n3600 1.0.0-r0 installedeth.lib32_n3600 1.0.0-r0 installedisis.lib32_n3600 1.0.0-r0 installedlacp.lib32_n3600 1.0.0-r0 installedlinecard.lib32_n3600 1.0.0-r0 installedlldp.lib32_n3600 1.0.0-r0 installedntp.lib32_n3600 1.0.0-r0 installednxos-ssh.lib32_n3600 1.0.0-r0 installedospf.lib32_n3600 1.0.0-r0 installedperf-cisco.n3600_gdb 3.12-r0 installedplatform.lib32_n3600 1.0.0-r0 installedshadow-securetty.n3600_gdb 4.1.4.3-r1 installedsnmp.lib32_n3600 1.0.0-r0 installedsvi.lib32_n3600 1.0.0-r0 installedsysvinit-inittab.n3600_gdb 2.88dsf-r14 installedtacacs.lib32_n3600 1.0.0-r0 installedtask-nxos-base.n3600_gdb 1.0-r0 installedtor.lib32_n3600 1.0.0-r0 installedvtp.lib32_n3600 1.0.0-r0 installedbash-4.2$ sudo yum list availablebgp.lib32_n3600 1.0.0-r0bash-4.2$ sudo yum -y install bfd

Upon switch reload during boot up, use the rpm command instead of yum for persistent RPMs.Otherwise, RPMs initially installed using yum bash or install CLI will show reponame or filenameinstead of installed.

Note

Upgrading RPMs

Before you begin

There must be a higher version of the RPM in the Yum repository.

Procedure

PurposeCommand or Action

Upgrades an installed RPM.sudo yum -y upgrade rpmStep 1

Bash6

BashUpgrading RPMs

Example

The following is an example of upgrading the bfd RPM:bash-4.2$ sudo yum -y upgrade bfd

Downgrading an RPM

Procedure

PurposeCommand or Action

Downgrades the RPM if any of the Yumrepositories has a lower version of the RPM.

sudo yum -y downgrade rpmStep 1

Example

The following example shows how to downgrade the bfd RPM:bash-4.2$ sudo yum -y downgrade bfd

Erasing an RPM

The SNMP RPM and the NTP RPM are protected and cannot be erased.

You can upgrade or downgrade these RPMs. It requires a system reload for the upgrade or downgrade to takeeffect.

For the list of protected rpms, see /etc/yum/protected.d/protected_pkgs.conf.

Note

Procedure

PurposeCommand or Action

Erases the RPM.sudo yum -y erase rpmStep 1

Example

The following example shows how to erase the bfd RPM:bash-4.2$ sudo yum -y erase bfd

Bash7

BashDowngrading an RPM

Persistently Daemonizing an SDK- or ISO-built Third PartyProcess

Your application should have a startup bash script that gets installed in /etc/init.d/application_name.This startup bash script should have the following general format (for more information on this format, seehttp://linux.die.net/man/8/chkconfig).#!/bin/bash## <application_name> Short description of your application## chkconfig: 2345 15 85# description: Short description of your application#### BEGIN INIT INFO# Provides: <application_name># Required-Start: $local_fs $remote_fs $network $named# Required-Stop: $local_fs $remote_fs $network# Description: Short description of your application### END INIT INFO# See how we were called.case "$1" instart)# Put your startup commands here# Set RETVAL to 0 for success, non-0 for failure;;stop)# Put your stop commands here# Set RETVAL to 0 for success, non-0 for failure;;status)# Put your status commands here# Set RETVAL to 0 for success, non-0 for failure;;restart|force-reload|reload)# Put your restart commands here# Set RETVAL to 0 for success, non-0 for failure;;*)echo $"Usage: $prog {start|stop|status|restart|force-reload}"RETVAL=2esac

exit $RETVAL

Persistently Starting Your Application from the Native BashShell

Procedure

Step 1 Install your application startup bash script that you created above into /etc/init.d/application_name

Step 2 Start your application with /etc/init.d/application_name start

Bash8

BashPersistently Daemonizing an SDK- or ISO-built Third Party Process

Step 3 Enter chkconfig --add application_nameStep 4 Enter chkconfig --level 3 application_name on

Run level 3 is the standard multi-user run level, and the level at which the switch normally runs.

Step 5 Verify that your application is scheduled to run on level 3 by running chkconfig --list application_name andconfirm that level 3 is set to on

Step 6 Verify that your application is listed in /etc/rc3.d. You should see something like this, where there is an'S' followed by a number, followed by your application name (tcollector in this example), and a link to yourbash startup script in ../init.d/application_name

bash-4.2# ls -l /etc/rc3.d/tcollector

lrwxrwxrwx 1 root root 20 Sep 25 22:56 /etc/rc3.d/S15tcollector -> ../init.d/tcollector

bash-4.2#

An Example Application in the Native Bash ShellThe following example demonstrates an application in the Native Bash Shell:bash-4.2# cat /etc/init.d/hello.sh#!/bin/bash

PIDFILE=/tmp/hello.pidOUTPUTFILE=/tmp/hello

echo $$ > $PIDFILErm -f $OUTPUTFILEwhile truedo

echo $(date) >> $OUTPUTFILEecho 'Hello World' >> $OUTPUTFILEsleep 10

donebash-4.2#bash-4.2#bash-4.2# cat /etc/init.d/hello#!/bin/bash## hello Trivial "hello world" example Third Party App## chkconfig: 2345 15 85# description: Trivial example Third Party App#### BEGIN INIT INFO# Provides: hello# Required-Start: $local_fs $remote_fs $network $named# Required-Stop: $local_fs $remote_fs $network# Description: Trivial example Third Party App### END INIT INFO

PIDFILE=/tmp/hello.pid

# See how we were called.case "$1" instart)

/etc/init.d/hello.sh &

Bash9

BashAn Example Application in the Native Bash Shell

RETVAL=$?;;stop)

kill -9 `cat $PIDFILE`RETVAL=$?

;;status)

ps -p `cat $PIDFILE`RETVAL=$?

;;restart|force-reload|reload)

kill -9 `cat $PIDFILE`/etc/init.d/hello.sh &RETVAL=$?

;;*)echo $"Usage: $prog {start|stop|status|restart|force-reload}"RETVAL=2esac

exit $RETVALbash-4.2#bash-4.2# chkconfig --add hellobash-4.2# chkconfig --level 3 hello onbash-4.2# chkconfig --list hellohello 0:off 1:off 2:on 3:on 4:on 5:on 6:offbash-4.2# ls -al /etc/rc3.d/*hello*lrwxrwxrwx 1 root root 15 Sep 27 18:00 /etc/rc3.d/S15hello -> ../init.d/hellobash-4.2#bash-4.2# reboot

After reloadbash-4.2# ps -ef | grep helloroot 8790 1 0 18:03 ? 00:00:00 /bin/bash /etc/init.d/hello.shroot 8973 8775 0 18:04 ttyS0 00:00:00 grep hellobash-4.2#bash-4.2# ls -al /tmp/hello*-rw-rw-rw- 1 root root 205 Sep 27 18:04 /tmp/hello-rw-rw-rw- 1 root root 5 Sep 27 18:03 /tmp/hello.pidbash-4.2# cat /tmp/hello.pid8790bash-4.2# cat /tmp/helloSun Sep 27 18:03:49 UTC 2015Hello WorldSun Sep 27 18:03:59 UTC 2015Hello WorldSun Sep 27 18:04:09 UTC 2015Hello WorldSun Sep 27 18:04:19 UTC 2015Hello WorldSun Sep 27 18:04:29 UTC 2015Hello WorldSun Sep 27 18:04:39 UTC 2015Hello Worldbash-4.2#

Bash10

BashAn Example Application in the Native Bash Shell